To be able to use your account on the OUTSCALE Cloud, you need to authenticate. This can be done using various methods and with various degrees of security.
The primary authentication schemes for your account are:
These authentication schemes can be used for the APIs and command line interfaces, as well as for Cockpit.
For more information on authentication for the APIs, see the Authentication Schemes section in the OUTSCALE API documentation.
When using Cockpit, once you are logged in, all subsequent actions are done using an access key.
You can increase the security of your account by using multi-factor authentication (MFA). This feature adds an extra step of authentication to the primary authentication procedure by requesting another authentication factor.
When using Cockpit v2, you can set up MFA via the following methods:
A security key or device biometrics using WebAuthn. For more information, see Setting Up MFA for Your Account Using WebAuthn or an OTP > WebAuthn.
A one-time password (OTP) using an authentication application. For more information, see Setting Up MFA for Your Account Using WebAuthn or an OTP > One-Time Password.
You can also set up MFA for the APIs and Cockpit v2 using an x509 certificate stored in your computer or another device. For more information, see Tutorial: Setting Up MFA for Your Account Using a Certificate.
You can add an additional layer of security to your account by activating Trusted Env.
Trusted Env requires that all users of an account, including the root user, authenticate using two factors and only emit calls signed with temporary access keys.
Activating Trusted Env can only be done through the OUTSCALE API and requires that the root user is already only using temporary access keys. For more information, see Activating a Trusted Session.
When Trusted Env is activated, you are using the OUTSCALE Cloud within a trusted session. A trusted session is valid as long as your access keys have not expired. For more information, see About Your API Access Policy > Trusted Session.
When using Cockpit v2 for the first time following the activation of Trusted Env, you must authenticate using the WebAuthn method. If you have not set up this authentication method beforehand, you will have to set it up upon first connection.
After this first connection, if you have also set up a one-time password (OTP), you may use either one of these authentication methods as long as the WebAuthn method is set up. For more information, see Setting Up MFA for Your Account Using WebAuthn or an OTP.